The House of Representatives passed legislation Tuesday that would codify and reform the Federal Risk and Authorization Management Program, or FedRAMP.
The program office, created in 2011 within the General Services Administration, provides federal agencies a standardized approach to security assessments, authorizations and monitoring of cloud computing services.
The FedRAMP Authorization Act, sponsored by Reps. Gerry Connolly, D-Va., James Comer, R-Ken., and Jody Hice, R-Ga., aims to address several concerns raised by industry and federal stakeholders over the years, including speeding up the time it takes for cloud solutions to be utilized by agencies.
“The current state of cloud adoption in the federal government involves various agency-specific processes, making it complicated for agencies to issue an authorization to operate for cloud services, even when a cloud service provider has already been authorized for use at other agencies,” Connolly said in a statement. “For nearly four years, I have worked with the Office of Management and Budget, GSA, industry stakeholders, and my friends on the other side of the aisle to ensure that the bill makes needed improvements to the FedRAMP program, and also gives the program flexibility to grow and adapt to myriad future changes in cloud technologies.”
The bill—one of the first passed by the new 117th Congress—is a virtual copy of legislation passed twice in the House during the previous Congress. The bill was included as an amendment to the House National Defense Authorization Act of 2021 but did not make the final version of the bill.
The bill would push GSA to automate processes to promote reciprocity for security validations from one agency to another and would call on the agency to establish a committee to ensure dialog among GSA, agency cyber and procurement officials and industry. In addition, the bill would authorize $20 million in annual appropriations for the FedRAMP program office.